1) What is Info Sec? Flashcards
Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
information security
Confidentiality, integrity, or availability?
A PIN code is required to log into an information asset.
Confidentiality
Confidentiality, integrity, or availability?
Permissions are implemented to ensure access is restricted.
Integrity
Confidentiality, integrity, or availability?
All systems are operational and accessible.
Availability
Confidentiality, integrity, or availability?
Information is being protected by role-based access.
Confidentiality
Confidentiality, integrity, or availability?
Data have not been modified from the original creation.
Integrity
Ability to prevent data from being changed in an unauthorized manner.
Integrity
Ability to protect data from those who are not authorized to view it.
Confidentiality
Ability to access data when it is needed.
Availability
Proper attribution to the owner or creator of the data.
Authenticity
Physical disposition of the media on which data is stored.
Possession
How useful the data is.
Utility
Attack Type:
Eavesdropping on a phone.
Interception
Attack Type:
DoS on a mail server.
Interruption
Attack Type:
Altering a web server config file.
Modification
Attack Type:
Spoofing emails.
Fabrication
Something that has potential to cause harm.
Threat
Weaknesses that can be used to harm us.
Vulnerability
Likeliness that something bad will happen.
Risk
The value of the asset is used to assess if a risk is present.
Impact
Identifying and categorizing the assets we are trying to protect.
Identify Assets
Begin to identify and categorize threats that could harm our assets.
Identify Threats
Identify the weaknesses that exist in our assets.
Assess Vulnerabilities
Assess if both a threat and a vulnerability exist.
Assess Risks
Put controls in place.
Mitigate Risks
What type of control should be used to mitigate the risk:
Server room access.
Physical